Support Ironic Inspector dnsmasq PXE filter
The dnsmasq PXE filter [1] provides far better scalability than the iptables filter typically used. Inspector manages files in a dhcp-hostsdir directory that is watched by dnsmasq via inotify. Dnsmasq then either whitelists or blacklists MAC addresses based on the contents of these files. This change adds a new variable, ironic_inspector_pxe_filter, that can be used to configure the PXE filter for ironic inspector. Currently supported values are 'iptables' and 'dnsmasq', with 'iptables' being the default for backwards compatibility. [1] https://docs.openstack.org/ironic-inspector/latest/admin/dnsmasq-pxe-filter.html Implements: blueprint ironic-inspector-dnsmasq-pxe-filter Change-Id: I73cae9c33b49972342cf1984372a5c784df5cbc2
parent
7598edca5b
commit
4418c1641b
@ -53,6 +53,7 @@ ironic_services:
|
|||||||
- "{{ node_config_directory }}/ironic-inspector/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/ironic-inspector/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "kolla_logs:/var/log/kolla"
|
- "kolla_logs:/var/log/kolla"
|
||||||
|
- "ironic_inspector_dhcp_hosts:/var/lib/ironic-inspector/dhcp-hostsdir"
|
||||||
- "{{ kolla_dev_repos_directory ~ '/ironic-inspector/ironic_inspector:/var/lib/kolla/venv/lib/python2.7/site-packages/ironic_inspector' if ironic_dev_mode | bool else '' }}"
|
- "{{ kolla_dev_repos_directory ~ '/ironic-inspector/ironic_inspector:/var/lib/kolla/venv/lib/python2.7/site-packages/ironic_inspector' if ironic_dev_mode | bool else '' }}"
|
||||||
dimensions: "{{ ironic_inspector_dimensions }}"
|
dimensions: "{{ ironic_inspector_dimensions }}"
|
||||||
haproxy:
|
haproxy:
|
||||||
@ -99,6 +100,7 @@ ironic_services:
|
|||||||
- "{{ node_config_directory }}/ironic-dnsmasq/:{{ container_config_directory }}/:ro"
|
- "{{ node_config_directory }}/ironic-dnsmasq/:{{ container_config_directory }}/:ro"
|
||||||
- "/etc/localtime:/etc/localtime:ro"
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
- "kolla_logs:/var/log/kolla"
|
- "kolla_logs:/var/log/kolla"
|
||||||
|
- "ironic_inspector_dhcp_hosts:/etc/dnsmasq/dhcp-hostsdir:ro"
|
||||||
dimensions: "{{ ironic_dnsmasq_dimensions }}"
|
dimensions: "{{ ironic_dnsmasq_dimensions }}"
|
||||||
|
|
||||||
|
|
||||||
@ -180,6 +182,7 @@ ironic_console_serial_speed: "115200n8"
|
|||||||
ironic_ipxe_url: http://{{ api_interface_address }}:{{ ironic_ipxe_port }}
|
ironic_ipxe_url: http://{{ api_interface_address }}:{{ ironic_ipxe_port }}
|
||||||
ironic_enable_rolling_upgrade: "yes"
|
ironic_enable_rolling_upgrade: "yes"
|
||||||
ironic_inspector_kernel_cmdline_extras: []
|
ironic_inspector_kernel_cmdline_extras: []
|
||||||
|
ironic_inspector_pxe_filter: iptables
|
||||||
|
|
||||||
####################
|
####################
|
||||||
## Kolla
|
## Kolla
|
||||||
|
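Review bot: `ironic_inspector_pxe_filter` is introduced with no comment naming its accepted values and, as far as this change shows, no check on them. Both templates in this commit compare the value against the exact strings 'iptables' and 'dnsmasq', so a misspelt or differently-cased value is passed straight into `driver =` while neither the `[iptables]` section nor `dhcp-hostsdir` is rendered. Because the PXE filter decides which MAC addresses the inspection DHCP server answers, a bad value should fail at deploy time rather than surface at runtime. I would add `# PXE filter driver for ironic inspector. Valid values: 'iptables', 'dnsmasq'.` above the default, plus an assertion in the role's prechecks if one does not already exist outside this diff.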
@ -20,4 +20,6 @@ dhcp-option=tag:ipxe,option:bootfile-name,{{ ironic_ipxe_url }}/inspector.ipxe
|
|||||||
dhcp-option=tag:efi,tag:!ipxe,option:bootfile-name,ipxe.efi
|
dhcp-option=tag:efi,tag:!ipxe,option:bootfile-name,ipxe.efi
|
||||||
{% endif %}
|
{% endif %}
|
||||||
dhcp-option=option:bootfile-name,{{ ironic_dnsmasq_boot_file }}
|
dhcp-option=option:bootfile-name,{{ ironic_dnsmasq_boot_file }}
|
||||||
|
{% if ironic_inspector_pxe_filter == 'dnsmasq' %}
|
||||||
|
dhcp-hostsdir=/etc/dnsmasq/dhcp-hostsdir
|
||||||
|
{% endif %}
|
||||||
|
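Review bot: The `dhcp-hostsdir` path added here is a literal that has to stay equal to the mount target of the `ironic_inspector_dhcp_hosts` volume in the dnsmasq service definition, and nothing in the template says so. A comment above the line such as `# Written by ironic-inspector through the shared ironic_inspector_dhcp_hosts volume, mounted read-only in this container.` would keep the two in step. Per the dnsmasq manual, host records from this directory are only added dynamically, so entries from files that are later deleted persist until the process is restarted or receives SIGHUP. Whether that matters depends on how inspector rewrites the files, which this hunk does not show.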
@ -34,11 +34,16 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
|
|||||||
policy_file = {{ ironic_policy_file }}
|
policy_file = {{ ironic_policy_file }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
[iptables]
|
|
||||||
dnsmasq_interface = {{ ironic_dnsmasq_interface }}
|
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
connection = mysql+pymysql://{{ ironic_inspector_database_user }}:{{ ironic_inspector_database_password }}@{{ ironic_inspector_database_address }}/{{ ironic_inspector_database_name }}
|
connection = mysql+pymysql://{{ ironic_inspector_database_user }}:{{ ironic_inspector_database_password }}@{{ ironic_inspector_database_address }}/{{ ironic_inspector_database_name }}
|
||||||
|
|
||||||
[processing]
|
[processing]
|
||||||
ramdisk_logs_dir = /var/log/kolla/ironic-inspector
|
ramdisk_logs_dir = /var/log/kolla/ironic-inspector
|
||||||
|
|
||||||
|
[pxe_filter]
|
||||||
|
driver = {{ ironic_inspector_pxe_filter }}
|
||||||
|
|
||||||
|
{% if ironic_inspector_pxe_filter == 'iptables' %}
|
||||||
|
[iptables]
|
||||||
|
dnsmasq_interface = {{ ironic_dnsmasq_interface }}
|
||||||
|
{% endif %}
|
||||||
|
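Review bot: When the driver is 'dnsmasq' the inspector configuration gets no `[dnsmasq_pxe_filter]` section, so the directory inspector writes to is whatever the upstream default of `dhcp_hostsdir` happens to be. The volume mounted at `/var/lib/ironic-inspector/dhcp-hostsdir` only works while that default stays the same. Pinning it makes the coupling explicit: add `{% elif ironic_inspector_pxe_filter == 'dnsmasq' %}`, `[dnsmasq_pxe_filter]`, `dhcp_hostsdir = /var/lib/ironic-inspector/dhcp-hostsdir` before the closing `{% endif %}`. If the two paths ever diverge, the filter files would presumably land outside the shared volume and dnsmasq would read an empty directory, leaving MAC filtering ineffective without any error.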
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Adds support for the `Ironic Inspector dnsmasq PXE filter
|
||||||
|
<https://docs.openstack.org/ironic-inspector/latest/admin/dnsmasq-pxe-filter.html>`__
|
||||||
|
that provides improved scalability over the default IPTables PXE filter.
|
||||||
|
This can be enabled by setting ``ironic_inspector_pxe_filter`` to
|
||||||
|
``dnsmasq``.
|